Transcript Professional, Legal and Ethical Issues

Professional, Legal and Ethical
Issues
CPSC 356 Database
Ellen Walker
Hiram College
(Includes figures from Database Systems by Connolly & Begg, © Addison Wesley 2002)
Data is Valuable
• Clickstream data (terabytes)
– Data mining for business advantage
• Financial transactions (petabytes)
• Personal information
– Open to identity theft and fraud
Ethical vs. Legal Behavior
• Ethics
– A set of principles of correct conduct or a theory or
a system of moral values
• Law
– A set of rules enacted by and enforced by a
government
• Not all ethical behavior is legal
• Not all unethical behavior is illegal
Sample (US) Laws with Implications
• Sarbanes – Oxley Act
• Health Insurance Portability and
Accountability Act (HIPAA)
• Family Educational Rights and Privacy Act
(FERPA)
Sarbanes Oxley Act (SOX)
• Goal is to tighten requirements on how
companies form boards of directors, interact
with auditors and report finances
• Created in aftermath of Enron scandal
• To comply, companies must consider how
data is collected, processed, secured, and
reported
Complying with SOX
• COBIT is an IT governance framework and
supporting toolset that allows managers to
bridge the gap between control requirements,
technical issues, and business risks.
• COSO is a framework that focuses more
narrowly on internal controls, including
culture, risk assessment, control activities,
reporting and monitoring
Health Insurance Portability and
Accountability Act (HIPAA)
• Release of patient information requires consent forms
– “We can’t tell you anything – we can’t even tell you that we
know anything” – Lynn Taylor
• Standards for electronic health/medical records and
insurance claims
• Establishing a nationally recognized identifier (NOT
SSN) to be used by all employee health plans
• Standards for security of patient data and
transactions
• Need for a nationally recognized identifier for
healthcare providers
Family Educational Rights and
Privacy Act (FERPA)
• Protects privacy of student educational
records
• Parents have rights until age 18 or until
student graduates from HS, then rights
transfer to student
• Schools must have written permission from
student (or parent if pre-college) to release
any information
FERPA Exceptions
• Directory information
– Name, address, date & place of birth, honors
• Designated parties
–
–
–
–
School officials with legitimate need to know
Other schools to which student transfers
Specified officials for audit or evaluation
Whoever needs to know for financial aid
• Compliance with a judicial order or state law
• Health and safety emergencies
Codes of Ethics
• ACM Code (see www.acm.org)
• BCS code (www.bcs.org)
• Areas covered
–
–
–
–
Public interest
Duty to relevant authority
Duty to the profession
Professional competence and integrity
Intellectual Property
• IP = The product of human creativity in the
industrial, scientific, literary and artistic fields
• Examples:
–
–
–
–
–
Invention
Program
Play
Painting
Musical composition
Protecting IP
• Patent
– Very strong protection for limited time, requires
disclosure
• Copyright
– Protects the expression of an idea
• Romeo & Juliet vs. “boy loves girl with tragic ending”
– Much longer term than patent
• Trademark
– Protects a word, symbol, image, sound, etc. with
regard to a specific company (type of goods)
Trade Secret
• A trade secret is protected not by law (no
disclosure), but by secrecy
• If you can figure it out (by reverseengineering), you can legally use it in your
own product
– Not by “reading the source code”
– Not by theft
– Clean room reverse engineering technique
Software
• Generally, protected by copyright, but there
are software patents
– Patent must be for the idea, not the program
– Example: pull-down menu
• Copyright protects the expression, not the
idea
– “Look and feel” lawsuits
Software License
•
•
•
•
Commercial software (perpetual use)
Commercial software (annual fee)
Shareware
Freeware
• Note: only some freeware is open-source;
open-source software can still carry a license,
e.g. GPL